help-gnu-radius

Re: [Help-gnu-radius] mac address access list


From: Sergey Poznyakoff
Subject: Re: [Help-gnu-radius] mac address access list
Date: Wed, 06 Apr 2005 15:42:47 +0300

Bill Hamlin <address@hidden> wrote:

> It looks like I could do this in the 'users' file by using the 'Auth-Type =
> Accept'.  But that means I'd have to maintain this text file as MAC
> addresses are added and removed from my billing system.  (If you change the
> users file do you have to signal radiusd to reload it?)

Yes, you do. Usually one runs `radctl reload' to do that.

> What I'd prefer is to use an SQL database and run a query (select userid
> from users where mac=..).  I'm looking at the PAM stuff and that looks like
> it's going to involve prompting for a password, which I don't want.  The AP
> doesn't support that.
> 
> What do you think is the best way for me to handle this?

What does `userid' mean in the above query? Is it needed for authentication?
If it is not, the simplest solution is probably the following:

1. raddb/hints contains this record:

DEFAULT NULL    User-Password = "OK"

Its purpose is to add a `fake' User-Password attribute to the incoming
request (it is supposed that the incoming requests never contain it).

2. raddb/sqlserver defines the following authentication query:

auth_query SELECT 'OK' FROM users where mac='%C{User-Name}'

3. Finally, the following entry in raddb/users does the rest of the
   job:
   
DEFAULT    Auth-Type = SQL, Password-Location = SQL
           ...

(Replace `...' with whatever attributes you wish to return to the NAS).
           
Regards,
Sergey     
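
The three records above, modelled end to end as an added example (not part of the original message and not GNU Radius code): it shows which requests end in an accept and that a MAC sent in a different notation than the one stored matches no row. Assumptions: the value returned by auth_query is compared as a plain string with User-Password, the `users` table and its rows are constructed, and all function names are hypothetical.

```python
import sqlite3

FAKE_PASSWORD = "OK"  # the value the raddb/hints record puts into User-Password


def apply_hints(request):
    """Step 1 (raddb/hints): add the fake User-Password attribute.

    The message supposes incoming requests never carry one, so this model
    does not cover requests that already have a User-Password.
    """
    return {**request, "User-Password": FAKE_PASSWORD}


def auth_query(db, user_name):
    """Step 2 (raddb/sqlserver): SELECT 'OK' FROM users WHERE mac=<User-Name>.

    Returns None when no row matches. A bound parameter stands in for the
    %C{User-Name} substitution done by the server.
    """
    row = db.execute("SELECT 'OK' FROM users WHERE mac = ?", (user_name,)).fetchone()
    return row[0] if row else None


def authenticate(db, request):
    """Step 3 (raddb/users): Auth-Type = SQL, Password-Location = SQL.

    Assumption of this model: the stored value is compared as a plain string.
    """
    req = apply_hints(request)
    stored = auth_query(db, req["User-Name"])
    matched = stored is not None and stored == req["User-Password"]
    return "Access-Accept" if matched else "Access-Reject"


def make_db(rows):
    """Build a constructed in-memory users(userid, mac) table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userid TEXT, mac TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO users VALUES (?, ?)", rows)
    return db


if __name__ == "__main__":
    db = make_db([("alice", "00:00:5e:00:53:01")])  # constructed sample row
    for mac in ("00:00:5e:00:53:01",   # stored as-is
                "00:00:5e:00:53:02",   # not in the table
                "00-00-5e-00-53-01"):  # same device, different notation
        print(mac, authenticate(db, {"User-Name": mac}))
```

The third request is rejected because the query is an exact string match, so the billing system has to store MAC addresses in the notation the AP sends in User-Name.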
           


